Recent cyber-attacks of an unprecedented scale, carried out through the infiltration of various Internet of Things (IoT) devices, have caught the attention of the security world and set companies scrambling to update their cyber security measures. With October being National Cyber Security Awareness Month, these attacks and other emerging threats have garnered a high level of media attention and expert scrutiny, and we are determined to contribute to the dialogue by providing practical information and security advice.

The IoT is a catch-all phrase for internet-connected devices that could be thought of as secondary objects – routers, security cameras, thermostats, DVRs – that have the ability to collect and exchange data over a network, but are not necessarily used to surf the web. The IoT grows larger every day, and one report estimates that we could see up to 50 billion connected devices by 2020. But as the number of network-connected gadgets and devices climbs, common sense security practices are failing to keep up.

IoTgraph.png

Last month, hackers were able to hijack over 100,000 unprotected security cameras from one of the world’s largest security camera manufacturers. These cameras were used to create a botnet – a network of compromised devices controlled as a group – to flood targeted websites with page requests, forcing them to shut down. These sorts of attacks are nothing new, but the particular malware used to control these devices is innovative, scanning the Internet for connected devices with weak login credentials, and copying itself onto any device it can crack.

IoT is in a poor state of security, with each device a potential entry point for hackers looking to gain access to the networks to which they’re connected. These devices continue to prove that they’re far too easy to breach; since IoT devices are frequently an afterthought for most businesses and consumers, they are often protected by weak passwords or no password at all. Strong password protection is a good first step toward securing your smart devices, but the current security climate calls for additional measures, as outlined below.

Tips for Securing Your Internet of Things

  • Take note of the security protocols used by your connected devices and make sure to do your research before making a purchase. IoT systems should be designed with security in mind – not as an afterthought.
  • Place IoT devices behind the protection of a stateful firewall.
  • Periodically ensure that the firmware of all your devices is up-to-date. Security updates are released more frequently than you may realize.
  • Don’t use a universal password for your smart devices. Hackers commonly obtain a single password that they can use to breach all the devices on a network.
  • Configure your wireless router to only leverage WPA2 and ensure that you are updating its firmware regularly.
  • Set up a separate network for your IoT devices to ensure that critical devices, systems, and computers are kept clear of any threats should one of your IoT devices be breached.
  • Replace outdated technology that may not be capable of updating to relevant security standards.
  • Ensure that all network-connected cameras are pointed away from sensitive areas or covered when not in use.
  • Enforce shadow IT policies that prevent employees from bringing unsanctioned IoT devices into the workplace.

As a leader in cyber security and risk management services, Focal Point is an active participant in National Cyber Security Awareness Month.

For more information on how Focal Point can help secure your networks, infrastructure, and critical processes, request a conversation with a Focal Point cyber security expert.